Thud: The RunYourOwnServer podcast for July 13th, 2006.
Thud: In this episode - Ubuntu. Why is Ubuntu a good server OS? Some information on the installation, basic lock-downs, OS updates, and a moment of sec.
Thud: This episode's reverse sponsor is Nagios. Nagios is an open source host service and network monitoring program. Nagios is used by many groups to monitor their servers and networks. From large companies and organizations to tidy one-person shops, Nagios is one of the best monitoring tools available. Please visit Nagios.org for more detail.
Thud: Ok. Let's jump right in. Gek, tell us a little bit about the Ubuntu project.
Gek: The Ubuntu project is a great project that's come about because people want to make Linux more accessible to users who aren't technically savvy. They want to make it so that a basic Windows user can take a live CD, pop it in their machine, play around with Linux a little bit, and as soon as they start to feel comfortable, they can install from the same CD.
And it works pretty well. They have a great incentive program for their developers to work on different problems that Linux has, which gives them an advantage above the other distros because they can get features into their distribution, not just via the open source community - they actually have people working to expand the project, and a lot of people. There are a lot of people who support this idea and really like the bounty system that they set up, where if there's a problem that you don't like, you can pay people, or offer a reward to people, to fix it. That entices developers to do the work. Everybody wants to help open source programs, but there's always a nice feeling when you do get something back for it. Usually the bounties aren't very much money. I've seen them in the couple thousand dollars, but most of them are $100 to $200 - you're not going to be rich from fixing these problems.
Thud: OK, so what's the main focus of the project? Just to make an easy-to-use desktop?
Gek: Easy to use, and Ubuntu means "humanity" or "to be humane towards other people"; it's a humanity to others - they want a community and not just an operating system. One of the problems with Linux is that you get a lot of tech people who aren't always friendly towards non-tech people. Ubuntu wants to break down those boundaries and allow a place where the average person - whether they're a manager, a housewife, an artist, whatever - can go and meet with developers, meet with technical people, and have a community surrounding their operating system, so you're not just getting an operating system. The support structure is this great community of people who really love the product that they're working on.
Thud: Alright. Are there any main people in the project, any main maintainers?
Gek: There are a lot of people. None of the names jump out at me, but I know that they had developers who previously worked on Gnome. At OSCON, the open source convention, last year, there was a huge buzz about Ubuntu. Everyone was talking about it. It really has gained a lot of respect, considering it's only been around for a few years.
Thud: So why is Ubuntu a good OS for a server?
Gek: Their server offering is actually new, so that's a difficult question. They're based on Debian, so they do have a lot of history - anything that Debian encompasses, they also have. They set up this new idea with Ubuntu 6.06 - and the versioning I'll get into in a minute - which they call LTS, Long Term Support. The idea is that the server platform will be a five year development cycle, where they will support it for five years, and the desktop will be three years. Unlike many of the other distributions, you're not constantly upgrading your desktop. You can stay on the desktop for three years and still get updates. If you're running a server, for a lot of companies, five years is a sweet spot for how long they want support for the patches.
The versioning system that Ubuntu uses has to do with the month and the year that it was released. You can tell what version you've got, when it came out. So 6.06 came out in June of 2006.
Thud: That's an interesting versioning technique.
Gek: It's confusing at first, but once you understand it - yeah, it is a neat way of doing it. It makes it friendlier for users, because then they don't really have to think about, "Well, is this version seven or eight." They'd know that the version just means the date.
Thud: Alright. Let's move on to the installation. Are there any gotchas in the installation?
Gek: That's one of the things that Ubuntu's done really well on. They have made the installation easy, easy. There's not as many options, and even when you get to things like the hard drive partitioning - on Red Hat, Fedora, CentOS, they will show you the partitioning scheme, and you have to decide, "Does this look right? Is this what I want?" But on Ubuntu, they simply ask, "Do you want to take up the entire hard drive? Do you want to use LVM?" You select the appropriate option, and unless you tell it specifically, "I want to look at the partitioning scheme", you don't have to worry about it. It does it according to their standard and just installs it. There really aren't very many questions to ask. I haven't played with the advanced install, but I'm sure it exists.
And they do offer the Debian preseed ability to install boxes, which is kind of like kickstart; I've also not played with that, but from what I understand, it works pretty well. They have streamlined both the desktop and server installs so that you really don't answer a whole lot of questions. You just tell it, "This is what I want. Go."
Thud: That definitely makes it easy to install, it sounds like.
Gek: Yeah, installs don't take very long either. Their installer is really fast.
Thud: Alright, let's move on to lock-downs. What kind of lock-downs can you do on a default install of Ubuntu?
Gek: Anything that you can do on Fedora and Red Hat will also work on Ubuntu; it's just a different mechanism you use to turn things on and off. They have a built-in add/remove-programs-like feature which I believe is based off of Synaptic. The package system that Ubuntu uses is Debian Packages, so the back end for all of that is Apt - if you're familiar with Apt, they support apt-get, apt-cache - all of the regular Apt tools. You can install packages just with the Synaptic GUI installer, and you basically check off a box saying, "I want emacs, or I don't want emacs," and you uncheck it and it'll remove emacs.
As far as lock-downs go, I haven't played with it enough to say, "Here's the things you definitely need to turn off," but they have been thinking about it, because one of the things they do is generate a random root password, and they don't give you the root password when you install the box. You make an account as part of that install, you make your own account, and that account is given sudo privileges, and then you assign your own password. So, you can run everything from root and if you really want to, you can go in and change the root's password and log in as root.
I think for the most part, they've really given security a lot of thought. That sounds like a great idea for me, for the average user - they don't need root access. They just need the ability to do things as root when they need to change a network card or if they want to look at log files. So, taking away your own root access isn't necessarily a bad thing, and if you need it, you can get it.
Thud: OK, let's talk about updates now. What is the process for updating Ubuntu?
Gek: Well, the built-in process is really cool. It actually works similar to what Windows users are used to, where, when it detects an update - and it has this little client that'll go and check to see if there are updates for your Ubuntu - it'll actually pop up a little balloon that says, "Hey, you've got updates, buddy! Want to install them?" and all you have to do is look through them - I don't know if you have to check them off or not - but you click "Install" and it'll install the updates for you, and if you're someone who's familiar with Apt, you can go in and do it manually like you would for a Debian box.
So they haven't broken the old tools with their new tools, so you can do it either way, whichever you're more comfortable with.
If you go to the main website, on the right-hand side, they have a link that says "Security Notices" and when you click on that, they show all the vulnerabilities. So if you want to watch vulnerabilities when they come out, that's one way to do it. The other way is to subscribe to their mailing list, and then you'll know when you need to go and update if you want to do it manually and not wait until the little daemon checks.
Thud: From what I understand, Apt is a lot like Yum on Fedora. Can you compare the two?
Gek: I think they kind of modeled Yum after Apt. It seemed like Red Hat didn't have something that made it as easy. Up2date doesn't really have all the functionality of Apt. You can do updates, but you couldn't really install packages right away. It's basically a tool that you can issue commands to; you set up a sources list where you tell it what servers you want to be able to pull packages from, and those don't have to be Ubuntu servers. There's a lot of other repositories out there, say for instance, I'd started developing my own stuff, and I wanted to package it for Debian but I didn't want to make it part of the Ubuntu tree, I just wanted to make it available to Ubuntu users if they wanted it.
I could set up my own repository, and then all they have to do is add me to their sources list, then they could type apt-get install Gek's Package, and it would automatically install from my repository. An important thing to note about Ubuntu is that they have three different categories of repositories: they have the basic distribution - what comes with Ubuntu - then they have universe and multiverse, and in order to enable a lot of the functionality, you have to go into your own sources file and uncomment your own universe and multiverse repositories.
By default they're commented out because they include licenses that Ubuntu doesn't agree with, or commercial products that require some kind of acknowledgment before they get installed, so it's one way that they try and protect themselves and their users from getting stuck with software that is proprietary.
Thud: All right, for this episode's Moment of Sec, we're going to talk about system monitoring. Gek, tell us what you use to monitor your systems and a little about what the process for that is.
Gek: Well, one of the things I use is Nagios, but really that's just so I can be really lazy. The things that you want to monitor when you're monitoring your systems are CPU usage, and not just spikes. You want a nice baseline so that you can see when something weird jumps up. You can use memory as an indicator that there's something weird going on. If you've got a bunch of processes that are all of a sudden using five times the memory, something might not be right there.
In order to do this kind of trend analysis where you look and say, "You know what, this box has only been running at 5% CPU for seven years, and this week it's decided to run at 100% CPU for the past 36 hours," that's something you need to look at, and the only way that you're going to be able to tell that is if you're keeping track of things.
You can do this with a lot of different methods. MRTG is something I use to monitor one of my boxes. That's typically used for monitoring network traffic, but you can set it up with the SNMP string to monitor your CPU usage or even your memory usage or network usage too.
Basically I have one box where I render fractals, and that box I expect to be at 100% CPU all the time. If it's not, something is wrong. Or, it's run out of fractals to process, but that's going to be several months. So, what I do is, I go and look at that maybe once or twice a week, and just make sure that the whole MRTG graph for that box for CPU usage is green, and then I know everything is OK.
On my other boxes I monitor CPU usage, but I'm looking for the opposite. If I see that there's large spikes, then I start trying to go through the logs, or back through my memory, and remember if I was doing anything that would have caused those.
Is there anything that you usually do, just for basic monitoring, for security?
Thud: Yeah, I do a lot of those same things. It's all about just getting the information in a timely fashion so you can just watch for trends, so that you can see if your box is doing anything out of the ordinary. It's a very simplified way of doing kind of a host-based intrusion detection. You're not really detecting when your box gets hacked into, but you are detecting that something is not exactly right, so it raises your attention to look into it a little bit further. So, it's just a matter of monitoring things in a trend fashion so you can see when something isn't normal. You have to know what normal is to know when something isn't normal.
Gek: And collecting it isn't just enough, you have to be disciplined to look at it, too, because I can collect all the stats in the world, but if I never look at them, they don't matter.
Thud: Exactly. There's actually a lot of automated tools out there for doing just that, but just getting in the habit of setting up -- even if you're not scripting it. If you log on to a box a couple of times a week, because you're only on there a few times a week, when you log onto the box, if you just run top when you first log in, check that out, maybe vmstat or something like that to look at some other loads. Just get into the habit of doing that. You can mentally collect those and get an idea of what the system should be doing. You don't necessarily need to go through the trouble of setting up all the automated tools; it really just depends on what the box is doing and how much you care about it.
So, Gek, what are your closing thoughts for this episode?
Gek: Ubuntu is a project I've always been pretty excited about since I heard about it. It has a very nice philosophy, and I really do want to help this sort of project out, because they really are trying to appeal to a larger audience. They're trying to make Linux more available and more accessible to people who really don't want to spend the time that I would be willing to spend to learn how to use it. And, that's a good thing. I think that anything that would get people away from Microsoft, not just because I don't like Microsoft, I think that you need diversity, and if Ubuntu can help make things more diverse by offering an option that's as easy as Windows or Apple, and free (or even if they decide to charge for it later), if they get people interested, it's a good thing.
Anything open source is a really good thing, and not just because it's free. There's a lot of work being done on this project, which means there's a lot of new code being developed, which means that people who want to learn how to code can go and look at the new code and learn. One of the things that Ubuntu is good about, is that they want this community. They want a really big community of people helping make it better. And, that seems to be a reoccurring theme throughout their website, where you can just tell that collaboration is huge.
One thing I plan to do at work is, I'm currently back on a Windows OS, and one of the things that I really want to do is get back to a Linux or BSD based distribution and the first one that came to mind was Ubuntu. I think I'm going to give it a shot on the desktop again. I used it about a year ago, but the newest version really has changed, and I like the things that they've done. I want to put it back on my desktop and use it for a while and really see how they've improved it.
What do you think about Ubuntu?
Thud: Well, I really don't have a whole lot of experience with it, but, from what I can gather, it seems like a really good project. It sounds like they have a solid understanding of how the coding needs to be and all of the support structure you need in order to have a distribution that is really meant for an end-user that isn't that familiar with Unix in general.
I also like some of the security features that they have like by default you not having the root password. It doesn't add a whole lot more security, but at least it shows that they're thinking about it and that they're trying to do things the right way in order to keep security high, but keep things usable as well.
Gek: And they don't seem to be afraid to try something different or unusual for the Linux community.
Thud: Yeah, it seems like they're really more user focused. So, even if the Linux community doesn't agree with a certain way that they want to do something, it appears that if it makes the user experience better, they're going to go that way.
Gek: Yeah, one of the things that struck me at OSCON was that the people who are supporting Ubuntu weren't just developers and techies. There were also just average users standing up and supporting this distribution, because it was one that wanted to listen to their needs.
[music / outro, "Down the Road" by Rob Costlow]
Thud: For show notes or other details, please visit our website at runyourownserver.org.
If you would like to send us feedback or have questions you would like us to answer on the show, please send an email to podcast att runyourownserver.org.
The intro music, "I Like Caffeine" is by Tom Cote. This song, "Down the Road" is by Rob Costlow. Please visit our website for links to their websites.
This podcast is covered under a Creative Commons license. Please visit our website for more details.